<?php

//Checks to see if the username and password are in the users table and 
//returns correct row.

	//include the configuration file with database username and password
	include("config.php");
	
	$query="select * from USER where username='" . $_POST['username'] . "' and password='" . $_POST['password2'] . "'";

	$rs=mysql_query($query, $conn);// or die("Sql execution unsuccessful... ERROR:" . mysql_error());

	if(mysql_num_rows($rs)==1)
	{
		while($row = mysql_fetch_assoc($rs)) {
			echo "<user>\n";
			echo "<userId>" . $row['USER_ID'] . "</userId>\n";
			echo "<username>" . $row['USERNAME'] . "</username>\n";
			echo "<password1>" . $row['PASSWORD'] . "</password1>\n";
			echo "<firstname>" . $row['FNAME'] . "</firstname>\n";
			echo "<surname>" . $row['SNAME'] . "</surname>\n";
			echo "<address1>" . $row['ADDRESS1'] . "</address1>\n";
			echo "<address2>" . $row['ADDRESS2'] . "</address2>\n";
			echo "<city>" . $row['CITY'] . "</city>\n";
			echo "<state1>" . $row['STATE'] . "</state1>\n";
			echo "<country>" . $row['COUNTRY'] . "</country>\n";
			echo "<postcode>" . $row['POSTCODE'] . "</postcode>\n";
			echo "<email>" . $row['EMAIL'] . "</email>\n";
			echo "</user>\n";
			}
		}
		else
		{
			echo "<error>Error</error>";
		}
?>